Computer Security Ch 7 - Exam III

  1. denial-of-service attack
    an attempt to compromise availability by hindering or blocking completely the provision of some service - attempts to exhaust some critical resource associated with the service
  2. poison packet
    packets whose structure triggers a bug in the system's network handling software, causing it to crash
  3. cyberslam
    a large number of large, costly queries constructed to overload the server
  4. classic denial-of-service attacks
    a flooding attack on an organization aimed at overwhelming the capacity of the network connection to the target organization
  5. source address spoofing
    the use of forged source addresses in a DoS attack
  6. backscatter traffic
    the ICMP (Internet Control Message Protocol) echo response packets that are generated in response to a ping flood using randomly spoofed source addresses
  7. SYN (synchronize) spoofing
    attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections
  8. ICMP (Internet Control Message Protocol) flood
    UDP (User Datagram Protocol) flood
    TCP SYN (Transmission Control Protocol Synchronizing) flood
    types of flooding attacks
  9. distributed denial-of-service attacks
    the use of multiple systems to generate attacks overloading a system
  10. application-based bandwidth attacks
    attacks that attempt to take advantage of the disproportionately large resource consumption at a server
  11. SIP (Session Initiation Protocol) Flood
    HTTP (Hypertext Transfer Protocol)-based attacks
    two types of protocols that can be used for application-based bandwidth attacks
  12. HTTP flood
    an attack that bombards Web servers with HTTP requests - typically a DDoS attack with HTTP requests coming from many different bots
  13. slowloris
    an HTTP-based attack that exploits the server's use of multiple threads to support multiple requests to the same server application - utilizes legitimate HTTP traffic, and does not rely on special "bad" HTTP requests that exploit bugs in specific HTTP servers
  14. reflection attacks - uses network systems functioning normally
    the attacker sends packets to a known service on the intermediary with a spoofed source address of the actual target system; when the intermediary responds, the response is sent to the target - reflects the attack off the intermediary
  15. amplification attacks - uses network systems functioning normally
    a variant of reflector attacks - involves sending a packet with a spoofed source address for the target system to intermediaries - differs in that the intermediaries generate multiple response packets for each original packet sent out
  16. attack prevention & preemption (before the attack)
    attack detection & filtering (during the attack)
    attack source traceback and identification (during & after the attack)
    attack reaction (after the attack)
    four lines of defense against DDoS attacks
  17. selective drop or random drop (i.e., a type of defense against DoS attacks)
    the system's TCP/IP network code can be modified to selectively drop an entry for an incomplete connection from the TCP connections table when it overflows, allowing a new connection attempt to proceed
  18. identify the type of attack and hence the best approach to defend against it
    the first step upon detection of a DoS attack
  19. network
    three targets that attackers usually attack
  20. SIP (Session Initiation Protocol) flood
    type of flood that affects VoIP - the attacker floods the server with numerous INVITE requests with spoofed IP addresses
Denial-of-Service Attacks